Connect with us

Hi, what are you looking for?


Email Security

Significant DDoS Attack on ProtonMail Blamed on Russia-Linked Group

Encrypted email provider ProtonMail was hit by a significant distributed denial-of-service (DDoS) attack that appears to have been carried out by a group linked to Russia.

Encrypted email provider ProtonMail was hit by a significant distributed denial-of-service (DDoS) attack that appears to have been carried out by a group linked to Russia.

ProtonMail informed customers on Wednesday morning that its network was targeted in a sustained attack. The organization said that while emails would be delayed, they were not lost as a result of the incident. Some users reported that the attack impacted the ProtonVPN VPN service as well.

ProtonMail hit by Ddos attack

Services were restored roughly three hours after the initial announcement was made.

“The attacks went on for several hours, although the outages were far more brief, usually several minutes at a time with the longest outage on the order of 10 minutes,” ProtonMail stated.

The company says it deals with DDoS attacks on a daily basis, but this attack was more significant and its DDoS protection provider, Radware, needed more time than usual to prepare mitigations.

“While we don’t yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS’s on record,” ProtonMail said in a post on Reddit.

The DDoS attack on ProtonMail may have been significant, but it does not compare to a recent attack that hit an unnamed U.S.-based service provider, which peaked at 1.7 Tbps.

Advertisement. Scroll to continue reading.

A few hours after ProtonMail announced the attack, Germany-based secure email service provider Tutanota also informed users that it had been experiencing a DDoS attack, but it’s unclear if the incidents are related. Tutanota told customers that services had been restored roughly one hour later.

UPDATE. Radware told SecurityWeek that it believes the attackers are actually based in the UK, not Russia.

“We can’t confirm attack size as it varied at different points in the attack. However we can confirm that the attack was high volumetric, multi-vector attack. It included several UDP refection attacks, multiple TCP bursts, and Syn floods,” Radware said.

Related: You Can DDoS an Organization for Just $10 per Hour

Related: New DDoS Attack Method Obfuscates Source Port Data

Related: ProtonMail Launches VPN Application for macOS

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.